Over the weekend I decided to configure my NetBSD system to stop sending emails to the local mbox (where I never read them) and start sending emails correctly to the internet. I also wanted to do so using my gmail account. Most of my info came from
here but it's a little verbose for my tastes. Basically I had to do the following:
PKG_OPTIONS.postfix+= sasl
ACCEPTABLE_LICENSES+= postfix-license
build and install pkgsrc/mail/postfixinstall (I used a binary) pkgsrc/security/cyrus-saslinstall (I used a binary) pkgsrc/security/cy2-plain-2.1.23cp /usr/pkg/share/examples/rc.d/postfix /etc/rc.d/modify /usr/pkg/etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
#use ssl/tls
smtp_use_tls = yes
smtp_tls_policy_maps = hash:/usr/pkg/etc/postfix/tls_policy
#Now add a username and password
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/sasl_passwd
smtp_sasl_security_options=
add /usr/pkg/etc/postfix/tls_policy
smtp.gmail.com MUST
add /usr/pkg/etc/postfix/sasl_passwd
[smtp.gmail.com]:587 username@gmail.com:password
/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/tls_policy/usr/pkg/sbin/postmap /usr/pkg/etc/postfix/sasl_passwd/etc/rc.d/postfix startNow test with mailx someone@something.com and watch the maillog. I do get a warning about not liking the thawt cert, so I may figure out how to import it, but other tutorials all talked about needing your own CA and other insanity. I would hope the MUST in tls_policy insured that I was using SSL. I'll tcpdump and see sometime, but for now this seems to be all that's needed.
(Can we get SASL in base? I know LDAP, kerberos, and NFSv4 would appreciate it)
UPDATE!
To fix the ssl cert warning, add the following package:
mozilla-rootcerts
then
cd /etc/openssl/certs
mozilla-rootcerts extract
mozilla-rootcerts rehash
And add the following to your main.cf:
smtp_tls_CApath = /etc/openssl/certs
how to get individual gmail accounts/senders working is mentioned in this thread.